CVE-2021-46757 - Vulnerability Details

Description

Insufficient checking of memory buffer in ASP
Secure OS may allow an attacker with a malicious TA to read/write to the ASP
Secure OS kernel virtual address space potentially leading to privilege
escalation.

Published: 2024-02-13

Score: 7.8 High

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

No analysis available yet.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

AMD

AMD Ryzen™ Embedded 5000

unaffected

Version	Status	Constraints
`various`	affected	—

AMD

AMD Ryzen™ Embedded V2000

unaffected

Version	Status	Constraints
`various`	affected	—

Configuration 1 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_5950e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_5950e:-:*:*:*:*:*:*:*

Configuration 2 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_5900e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_5900e:-:*:*:*:*:*:*:*

Configuration 3 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_5800e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_5800e:-:*:*:*:*:*:*:*

Configuration 4 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_5600e_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_5600e:-:*:*:*:*:*:*:*

Configuration 5 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_v2516_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_v2516:-:*:*:*:*:*:*:*

Configuration 6 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_v2546_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_v2546:-:*:*:*:*:*:*:*

Configuration 7 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_v2718_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_v2718:-:*:*:*:*:*:*:*

Configuration 8 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_v2748_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_v2748:-:*:*:*:*:*:*:*

Configuration 9 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_r2312_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_r2312:-:*:*:*:*:*:*:*

Configuration 10 [-]

AND

cpe:2.3:o:amd:ryzen_embedded_r2314_firmware:*:*:*:*:*:*:*:*

cpe:2.3:h:amd:ryzen_embedded_r2314:-:*:*:*:*:*:*:*

No data.

No data available yet.

Remediation

No remediation available yet.

Tracking

Sign in to view the affected projects.

Advisories

Source	ID	Title
EUVD	EUVD-2021-33413	Insufficient checking of memory buffer in ASP Secure OS may allow an attacker with a malicious TA to read/write to the ASP Secure OS kernel virtual address space potentially leading to privilege escalation.

No CVSS v4.0

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00088.

Exploitation none

Automatable no

Technical Impact total

References

Link	Providers
https://www.amd.com/en/corporate/product-security/bulletin/AMD-SB-5001

History

Wed, 07 May 2025 21:15:00 +0000

Type	Values Removed	Values Added
Weaknesses		CWE-119
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Thu, 24 Oct 2024 14:00:00 +0000

Type	Values Removed	Values Added
First Time appeared		Amd Amd ryzen Embedded 5600e Amd ryzen Embedded 5600e Firmware Amd ryzen Embedded 5800e Amd ryzen Embedded 5800e Firmware Amd ryzen Embedded 5900e Amd ryzen Embedded 5900e Firmware Amd ryzen Embedded 5950e Amd ryzen Embedded 5950e Firmware Amd ryzen Embedded R2312 Amd ryzen Embedded R2312 Firmware Amd ryzen Embedded R2314 Amd ryzen Embedded R2314 Firmware Amd ryzen Embedded V2516 Amd ryzen Embedded V2516 Firmware Amd ryzen Embedded V2546 Amd ryzen Embedded V2546 Firmware Amd ryzen Embedded V2718 Amd ryzen Embedded V2718 Firmware Amd ryzen Embedded V2748 Amd ryzen Embedded V2748 Firmware
Weaknesses		NVD-CWE-noinfo
CPEs		cpe:2.3:h:amd:ryzen_embedded_5600e:-:::::::* cpe:2.3:h:amd:ryzen_embedded_5800e:-:::::::* cpe:2.3:h:amd:ryzen_embedded_5900e:-:::::::* cpe:2.3:h:amd:ryzen_embedded_5950e:-:::::::* cpe:2.3:h:amd:ryzen_embedded_r2312:-:::::::* cpe:2.3:h:amd:ryzen_embedded_r2314:-:::::::* cpe:2.3:h:amd:ryzen_embedded_v2516:-:::::::* cpe:2.3:h:amd:ryzen_embedded_v2546:-:::::::* cpe:2.3:h:amd:ryzen_embedded_v2718:-:::::::* cpe:2.3:h:amd:ryzen_embedded_v2748:-:::::::* cpe:2.3:o:amd:ryzen_embedded_5600e_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_5800e_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_5900e_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_5950e_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_r2312_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_r2314_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_v2516_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_v2546_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_v2718_firmware:::::::: cpe:2.3:o:amd:ryzen_embedded_v2748_firmware::::::::
Vendors & Products		Amd Amd ryzen Embedded 5600e Amd ryzen Embedded 5600e Firmware Amd ryzen Embedded 5800e Amd ryzen Embedded 5800e Firmware Amd ryzen Embedded 5900e Amd ryzen Embedded 5900e Firmware Amd ryzen Embedded 5950e Amd ryzen Embedded 5950e Firmware Amd ryzen Embedded R2312 Amd ryzen Embedded R2312 Firmware Amd ryzen Embedded R2314 Amd ryzen Embedded R2314 Firmware Amd ryzen Embedded V2516 Amd ryzen Embedded V2516 Firmware Amd ryzen Embedded V2546 Amd ryzen Embedded V2546 Firmware Amd ryzen Embedded V2718 Amd ryzen Embedded V2718 Firmware Amd ryzen Embedded V2748 Amd ryzen Embedded V2748 Firmware
Metrics		cvssV3_1 `{'score': 7.8, 'vector': 'CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Amd Ryzen Embedded 5600e Ryzen Embedded 5600e Firmware Ryzen Embedded 5800e Ryzen Embedded 5800e Firmware Ryzen Embedded 5900e Ryzen Embedded 5900e Firmware Ryzen Embedded 5950e Ryzen Embedded 5950e Firmware Ryzen Embedded R2312 Ryzen Embedded R2312 Firmware Ryzen Embedded R2314 Ryzen Embedded R2314 Firmware Ryzen Embedded V2516 Ryzen Embedded V2516 Firmware Ryzen Embedded V2546 Ryzen Embedded V2546 Firmware Ryzen Embedded V2718 Ryzen Embedded V2718 Firmware Ryzen Embedded V2748 Ryzen Embedded V2748 Firmware

MITRE

Status: PUBLISHED

Assigner: AMD

Published: 2024-02-13T19:23:57.918Z

Updated: 2025-05-07T21:08:36.540Z

Reserved: 2022-03-31T16:50:27.868Z

Link: CVE-2021-46757

Vulnrichment

Updated: 2024-08-04T05:17:42.302Z

NVD

Status : Modified

Published: 2024-02-13T20:15:50.060

Modified: 2025-05-07T22:15:15.447

Link: CVE-2021-46757

Redhat

No data.

OpenCVE Enrichment

No data.

Weaknesses

Tracking

Attack Vector Local

Attack Complexity Low

Privileges Required Low

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object